| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.clickhouse:clickhouse-r2dbc | maven | < 0.4.6 | 0.4.6 |
| com.clickhouse:clickhouse-jdbc | maven | < 0.4.6 | 0.4.6 |
| com.clickhouse:clickhouse-client | maven | < 0.4.6 | 0.4.6 |

The vulnerability manifests in exception logging, where `ClickHouseNode`'s `toString()` method reveals sensitive options. The patch modifies this exact method to filter sensitive values using a new `sensitiveOptions` map. The pre-patch (vulnerable) version lacked this filtering and directly exposed `sslkey` values in exception messages. This function appears in stack traces when connection exceptions occur, which makes it the primary runtime indicator.
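
The pattern described above, as an added illustration that is not the ClickHouse driver's code: a simplified stand-in `Node` class whose unfiltered string form leaks an option value into an exception message, next to a filtered `toString()`. The class, the `SENSITIVE` set, the `*` mask, the host name and the key value are all assumptions made for the example; only the option name `sslkey` comes from the advisory.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Simplified stand-in for a connection node; NOT the ClickHouseNode source.
public class NodeToStringDemo {
    // Assumed list of option names to mask; the advisory names only "sslkey".
    static final Set<String> SENSITIVE = Set.of("sslkey");

    static final class Node {
        final String host;
        final Map<String, String> options;

        Node(String host, Map<String, String> options) {
            this.host = host;
            this.options = options;
        }

        // Pre-patch behaviour: every option value is rendered verbatim.
        String unsafeToString() {
            return "Node[host=" + host + ", options=" + options + "]";
        }

        // Patched behaviour: sensitive values are masked before rendering.
        @Override
        public String toString() {
            Map<String, String> shown = new LinkedHashMap<>();
            for (Map.Entry<String, String> e : options.entrySet()) {
                boolean hide = SENSITIVE.contains(e.getKey().toLowerCase(Locale.ROOT));
                shown.put(e.getKey(), hide ? "*" : e.getValue());
            }
            return "Node[host=" + host + ", options=" + shown + "]";
        }
    }

    public static void main(String[] args) {
        Map<String, String> opts = new LinkedHashMap<>();
        opts.put("ssl", "true");
        opts.put("sslkey", "CONSTRUCTED-KEY-MATERIAL"); // constructed sample value
        Node node = new Node("db.example.test", opts);

        // Exception messages built from the node, as on a failed connection.
        Exception leaky = new IllegalStateException("Failed to connect to " + node.unsafeToString());
        Exception safe = new IllegalStateException("Failed to connect to " + node);
        System.out.println(leaky.getMessage());
        System.out.println(safe.getMessage());
        if (safe.getMessage().contains("CONSTRUCTED-KEY-MATERIAL")) throw new AssertionError("secret leaked");
    }
}
```

Masking inside `toString()` covers every path that stringifies the node (log statements, exception messages, string concatenation), so no individual call site has to remember to redact.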